deprecate allow_privileged_containers (#204)

* deprecate allow_privileged_containers * Automated docs update * disable local test --------- Co-authored-by: Dean Oren <[email protected]> Co-authored-by: do87 <[email protected]>
SchwarzIT · Oct 25, 2023 · 5f80399 · 5f80399
1 parent 86284be
commit 5f80399
Show file tree

Hide file tree

Showing 7 changed files with 20 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -5,7 +5,11 @@
 
 [![Go Report Card](https://goreportcard.com/badge/github.com/SchwarzIT/terraform-provider-stackit)](https://goreportcard.com/report/github.com/SchwarzIT/terraform-provider-stackit) <!--workflow-badge-->[![GitHub Workflow Status](https://img.shields.io/badge/Acceptance%20Tests-59%20passed%2C%202%20failed-success)](https://github.com/SchwarzIT/terraform-provider-stackit/actions/workflows/acceptance_test.yml)<!--revision-cc5ffe91-62f9-440e-b977-307d11db1288--><!--workflow-badge--><br />[![GitHub release (latest by date)](https://img.shields.io/github/v/release/SchwarzIT/terraform-provider-stackit)](https://registry.terraform.io/providers/SchwarzIT/stackit/latest/docs) [![GitHub go.mod Go version of a Go module](https://img.shields.io/github/go-mod/go-version/gomods/athens.svg)](https://github.com/gomods/athens) [![License](https://img.shields.io/badge/License-Apache_2.0-lightgray.svg)](https://opensource.org/licenses/Apache-2.0)
 
-The STACKIT provider is a project developed and maintained by the STACKIT community within Schwarz IT. Please note that it is not an official provider endorsed or maintained by STACKIT.
+The STACKIT provider is a project developed and maintained by the STACKIT community within Schwarz IT.
+
+**⚠️ Important:** This project will continue be maintained as long as internal teams are using it.
+
+> Note that the official STACKIT provider can be found [here](https://github.com/stackitcloud/terraform-provider-stackit).<br />To migrate to the official provider from the community provider, [refer to the migration notes](https://github.com/stackitcloud/terraform-provider-stackit/blob/main/MIGRATION.md).
 
 📖 [Provider Documentation](https://registry.terraform.io/providers/SchwarzIT/stackit/latest/docs)
 

diff --git a/docs/resources/kubernetes_cluster.md b/docs/resources/kubernetes_cluster.md
@@ -40,7 +40,7 @@ resource "stackit_kubernetes_cluster" "example" {
 
 ### Optional
 
-- `allow_privileged_containers` (Boolean) Should containers be allowed to run in privileged mode? Default is `true`
+- `allow_privileged_containers` (Boolean, Deprecated) Should containers be allowed to run in privileged mode? Default is `true`
 - `extensions` (Attributes) A single extensions block as defined below (see [below for nested schema](#nestedatt--extensions))
 - `hibernations` (Attributes List) One or more hibernation block as defined below (see [below for nested schema](#nestedatt--hibernations))
 - `kubernetes_project_id` (String, Deprecated) The ID of a `stackit_kubernetes_project` resource

diff --git a/stackit/internal/data-sources/kubernetes/cluster/data_source_test.go b/stackit/internal/data-sources/kubernetes/cluster/data_source_test.go
@@ -30,7 +30,7 @@ func TestAcc_kubernetes(t *testing.T) {
 				Config: config(name, "nodepl", "c1.2"),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("data.stackit_kubernetes_cluster.example", "name", name),
-					resource.TestCheckResourceAttr("data.stackit_kubernetes_cluster.example", "allow_privileged_containers", "false"),
+					resource.TestCheckResourceAttr("data.stackit_kubernetes_cluster.example", "allow_privileged_containers", ""),
 					resource.TestCheckResourceAttr("data.stackit_kubernetes_cluster.example", "node_pools.0.name", "nodepl"),
 					resource.TestCheckResourceAttr("data.stackit_kubernetes_cluster.example", "node_pools.0.machine_type", "c1.2"),
 					resource.TestCheckResourceAttr("data.stackit_kubernetes_cluster.example", "node_pools.0.os_name", "flatcar"),
@@ -71,7 +71,6 @@ resource "stackit_kubernetes_cluster" "example" {
 	project_id         = "%s"
 	name               = "%s"
 	kubernetes_version = "1.26"
-	allow_privileged_containers = false
 	
 	node_pools = [{
 		name         = "%s"

diff --git a/stackit/internal/data-sources/kubernetes/cluster/helpers.go b/stackit/internal/data-sources/kubernetes/cluster/helpers.go
@@ -16,6 +16,8 @@ func transform(c *Cluster, cl *cluster.Cluster) {
 	c.KubernetesVersionUsed = types.StringValue(cl.Kubernetes.Version)
 	if cl.Kubernetes.AllowPrivilegedContainers != nil {
 		c.AllowPrivilegedContainers = types.BoolValue(*cl.Kubernetes.AllowPrivilegedContainers)
+	} else {
+		c.AllowPrivilegedContainers = types.BoolNull()
 	}
 	if cl.Status.Aggregated != nil {
 		c.Status = types.StringValue(string(*cl.Status.Aggregated))

diff --git a/stackit/internal/resources/kubernetes/cluster/helpers.go b/stackit/internal/resources/kubernetes/cluster/helpers.go
@@ -72,14 +72,13 @@ func (c *Cluster) clusterConfig(versionOptions []*semver.Version) (cluster.Kuber
 
 	pvlg := c.AllowPrivilegedContainers.ValueBool()
 	cfg := cluster.Kubernetes{
-		Version:                   clusterConfigVersion.String(),
-		AllowPrivilegedContainers: &pvlg,
+		Version: clusterConfigVersion.String(),
 	}
 
-	if c.AllowPrivilegedContainers.IsNull() || c.AllowPrivilegedContainers.IsUnknown() {
-		pvlg := DefaultAllowPrivileged
+	if clusterConfigVersion.Compare(semver.MustParse("1.25.0")) == -1 {
 		cfg.AllowPrivilegedContainers = &pvlg
 	}
+
 	return cfg, nil
 }
 
@@ -294,6 +293,8 @@ func (c *Cluster) Transform(cl cluster.Cluster) {
 	c.KubernetesVersionUsed = types.StringValue(cl.Kubernetes.Version)
 	if cl.Kubernetes.AllowPrivilegedContainers != nil {
 		c.AllowPrivilegedContainers = types.BoolValue(*cl.Kubernetes.AllowPrivilegedContainers)
+	} else {
+		c.AllowPrivilegedContainers = types.BoolValue(DefaultAllowPrivileged)
 	}
 	c.Status = types.StringValue(string(*cl.Status.Aggregated))
 	c.NodePools = []NodePool{}

diff --git a/stackit/internal/resources/kubernetes/cluster/resource_test.go b/stackit/internal/resources/kubernetes/cluster/resource_test.go
@@ -53,7 +53,7 @@ func TestAcc_kubernetes(t *testing.T) {
 				Config: configExtended(name, "new-nodepl", "c1.2"),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("stackit_kubernetes_cluster.example", "name", name),
-					resource.TestCheckResourceAttr("stackit_kubernetes_cluster.example", "allow_privileged_containers", "false"),
+					resource.TestCheckResourceAttr("stackit_kubernetes_cluster.example", "allow_privileged_containers", "true"),
 					resource.TestCheckResourceAttr("stackit_kubernetes_cluster.example", "node_pools.0.name", "new-nodepl"),
 					resource.TestCheckResourceAttr("stackit_kubernetes_cluster.example", "node_pools.0.machine_type", "c1.2"),
 					resource.TestCheckResourceAttr("stackit_kubernetes_cluster.example", "node_pools.0.os_name", "flatcar"),
@@ -127,7 +127,6 @@ func configExtended(name, nodepoolName, machineType string) string {
 resource "stackit_kubernetes_cluster" "example" {
 	project_id 					  = "%s"
 	name               			  = "%s"
-	allow_privileged_containers   = false
 	
 	node_pools = [{
 		name         = "%s"

diff --git a/stackit/internal/resources/kubernetes/cluster/schema.go b/stackit/internal/resources/kubernetes/cluster/schema.go
@@ -143,10 +143,11 @@ func (r *Resource) Schema(ctx context.Context, req resource.SchemaRequest, resp
 				Computed:    true,
 			},
 			"allow_privileged_containers": schema.BoolAttribute{
-				Description: "Should containers be allowed to run in privileged mode? Default is `true`",
-				Optional:    true,
-				Computed:    true,
-				Default:     booldefault.StaticBool(DefaultAllowPrivileged),
+				Description:        "Should containers be allowed to run in privileged mode? Default is `true`",
+				DeprecationMessage: "This attribute is deprecated starting from v1.25",
+				Optional:           true,
+				Computed:           true,
+				Default:            booldefault.StaticBool(DefaultAllowPrivileged),
 			},
 
 			"node_pools": schema.ListNestedAttribute{